Quick Start

  1. Step 1: Enable Console Access
  2. Step 2: Generate API Credentials
  3. Step 3: Configure the Technology in Workbench

Step 1: Enable Console Access

  1. Sign in to the Sumo Logic CIP console to create a new user.

  2. Navigate to Administration > Users and Roles > Users and click the Add User button at the top right of the page.

  3. Fill in the following information.

    • For First Name, type Expel.

    • For Last Name, type SOC analysts.

    • For Email, type soc+<your_company_name>@expel.io.

      Note
      Yes, the "+" sign is part of the email address, and it's important. Click here to find out why.

    • For Assigned Roles, select the Analyst role.

    • Click Add New User.

  4. Verify that Expel SOC now appears on the Users page.

  5. Sign in to the Sumo Logic Cloud SIEM Enterprise console.

  6. Navigate to Accounts.

  7. Click Invite at the top right of the page.

  8. Invite the Sumo Logic CIP user from step 1 with a role of Analyst.


Step 2: Generate API Credentials

  1. Edit the Sumo Logic Cloud SIEM Enterprise user created in Step 1.

  2. Select API Key Enabled.

  3. Select YES, REGENERATE API KEY.

  4. Click UPDATE and log out.

  5. Log back in to the Sumo Logic Cloud SIEM Enterprise console as the new user created in Step 1.

  6. Click the user profile at the top right of the page.

  7. Copy the API Key and make a note of it.


Step 3: Configure the Technology in Workbench

  1. In a new browser tab, log in to https://workbench.expel.io.

  2. On the console page, navigate to Settings and click Security Devices.

  3. At the top of the page, click Add Security Device.

  4. Search for and select Sumo Logic Cloud.

  5. Type a Name and Location, for example, Sumo Logic Cloud SIEM Enterprise and Expel Lab.

    • For Server, type the Sumo Logic Cloud SIEM Enterprise URL.

    • For API Key, type the API Key copied and noted during Step 2.

    • For Console Login, type the information for the user created in Step 1.